
Another setting that may help is to turn off the "reply to sender" option for infected mail in your AV gateway scanner. That option just adds a lot of overhead to the system that you just don't need at times like this.

Since the source address is likely spoofed anyway, it just generates a bounce and more overhead. Best to just trash 'em.

Cleaning compressed mail attachments
Cleaning compressed files attached to an email message involves decompressing the compressed file, cleaning the contents, and then recompressing the file. For example, if there are five files, A.doc, B.doc, C.doc, D.doc, and E.doc: C.doc is infected with a macro virus, and they are all packed into a single compressed file called docs.zip: [docs.zip(A.doc, B.doc, C.doc, D.doc, E.doc)]. You can set Trend Micro PC-cillin Internet Security to detect the virus in C.doc, issue an alert, and write the event to the Virus log.

If you have selected the Clean viruses in compressed files check box, because C.doc is in the first layer, Trend Micro PC-cillin Internet Security will automatically execute the Clean action when Internet Security detects a virus up to the second layer.

Important: PC-cillin Internet Security is able to carry out this Clean scan action only if the infected file is contained in the first layer [docs (A.doc, B.doc, C.doc, D.doc, E.doc)] of the compressed file.

However, suppose C.doc was located in a deeper layer of compression, for example, (docs +2.zip{docs+1.zip[docs.zip(A.doc, B.doc, C.doc, D.doc, E.doc)]}). Although PC-cillin Internet Security could detect the virus, it is unable to perform any scan action. Therefore, if you want to clean C.doc, use WinZip, or another compression program to decompress the compressed file. When the individual files have been decompressed, right-click C.doc and click Trend Micro PC-cillin Internet Security. Trend Micro PC-cillin Internet Security will perform the scan action you have specified.

I also got like 5 viruses today attached to bogus emails with the same virus and one of them looked almost legit except the text file was in a zip so I got suspicious and scanned it first. Turned out to be the same virus. I thought someone intentionally was trying to screw up my computer but I'm glad I'm not the only one.

Now I'm no expert on this sort of thing, but is this the typical style of mail ?
Has the sender's address been spoofed ?
Or are they 'owned' ?
would you consider sending the sender [office@parkwoodprojects.co.uk] a mail to let them know what is being done in their name ?

Or do we just delete and get on with life ?

55 - I'm fiftyfeckinfive and STILL no wiser,
OLDER yes
Beware of Geeks bearing GIF's
come and waste the day :P at The Taz Zone

Originally posted here by foxyloxley
Now I'm no expert on this sort of thing, but is this the typical style of mail ?
Has the sender's address been spoofed ?
Or are they 'owned' ?
would you consider sending the sender [office@parkwoodprojects.co.uk] a mail to let them know what is being done in their name ?

Or do we just delete and get on with life ?

That's just a bounce message. The From: address is spoofed but it's quite likely the email is being sent in YOUR name. These messages are sometimes called "backscatter" and frankly they're not helpful.

The only way to determine the true origin of a virus infected email is to trace back the IP addy in the mail headers.

Well, typically a mass-mailer worm selects a random address on the infected PC to send "from:" and another random one to send "to:". That's absolutely normal and to be expected.

Backscatter happens when (for example) an organisation gets 10,000 infected emails and then helpfully decides to tell the alleged sender that they sent an infected message - so it generates 10,000 bounce messages which it sends to wholly innocent (and uninfected) parties.

There's really no point configuring your software to tell the "sender" the message was infected, because the sender didn't actually send it. All it does do is create a great deal of confusion.
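Tracing the IP in the mail headers, as suggested earlier in the thread, shown as an added example that is not part of any post: it reads Received lines newest first and believes only those written by your own servers, since a sender can forge the rest. The message, hostnames, addresses and the function name `trace_origin` are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample: the bottom Received line is forged by the sender.
# All hostnames and addresses are made up (documentation ranges).
SAMPLE = """\
Received: from mx1.example.org (mx1.example.org [10.0.0.5])
\tby mailstore.example.org with ESMTP id A1; Mon, 1 Jan 2024 10:00:02 +0000
Received: from pc-home (unknown [203.0.113.77])
\tby mx1.example.org with SMTP id B2; Mon, 1 Jan 2024 10:00:01 +0000
Received: from mail.bank.example ([198.51.100.9])
\tby relay.bank.example with ESMTP id C3; Mon, 1 Jan 2024 09:59:00 +0000
From: office@victim.example
To: you@example.org
Subject: Your document

See attachment.
"""

# "from <helo> ... [<ip>] ... by <host>" within one (possibly folded) header
HOP = re.compile(r"from\s+(\S+).*?\[([0-9a-fA-F.:]+)\].*?\bby\s+(\S+)", re.S)

def trace_origin(raw, trusted_hosts, internal_nets):
    """Return (ip, helo) of the client that handed the mail to our border MTA.

    Only Received lines written by hosts we run are believed; anything
    below the first untrusted line can be forged and is ignored.
    """
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    msg = email.message_from_string(raw)
    for header in msg.get_all("Received", []):
        m = HOP.search(header)
        if not m:
            break  # unparseable hop: stop rather than guess
        helo, ip, by = m.group(1), m.group(2), m.group(3).lower()
        if by not in trusted_hosts:
            break  # written by someone else's server, not evidence
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            break  # malformed address in a supposedly trusted line
        if not any(addr in n for n in nets):
            return ip, helo  # first external client seen by our own MTA
    return None
```

The From: header plays no part in the result, which is why notifying that address only produces backscatter.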